Help/About/Licensing shows more Users than enumerating Users in the managed domain. (NETIQKB71316)

  • Document ID:7771316
  • Creation Date:28-Oct-2008
  • Modified Date:03-Dec-2008
    • Micro Focus Products:
      Directory and Resource Administrator

Environment

Directory and Resource Administrator 7.x
Directory and Resource Administrator 8.x

Situation

Help/About/Licensing shows more Users than enumerating Users in the managed domain.

Error: "You have exceeded the number of user accounts you are licensed to manage".

Fewer Users show in the managed domain than DRA is counting toward licensing.
How do I create a custom UI page to display objects with the 'ShowInAdvancedViewOnly' flag?

Resolution

By default in Client Options, DRA does not have the 'Show advanced Active Directory objects' option turned on.  Any objects with the 'ShowInAdvancedViewOnly' flag enabled will therefore not be displayed when enumerating objects in the managed domain(s).  However, when DRA performs its license check, any and all User and InetOrgPerson objects are enumerated AND counted toward licensing despite having this flag enabled or not.  Therefore, discrepancies can occur where DRA licensing shows more Users counted toward licensing than are viewable or displayed when all managed domains are enumerated and totalled.

To enable DRA to view objects with the 'ShowInAdvancedViewOnly' flag enabled:

  1. Launch the Delegation and Configuration console.
  2. Select Configuration Management and Update Adminstration Server Options.
  3. Select Client Options.
  4. Turn on the 'Show advanced Active Directory objects' option.
  5. Click OK to exit.
  6. Re-connect to the DRA server or refresh the console.

Note: No service restart or Account Cache Refresh is required to view Advanced Active Directory objects once the option is turned on.

DRA does not display the 'ShowInAdvancedViewOnly' attribute field by default on User objects (or other managed object types).  You can, however, create a custom UI page to display this attribute.  To do so:

  1. Launch the Delegation and Configuration Console.
  2. Select Configuration Management.
  3. Right-click User Interface Extensions and select New\User Page.
  4. Bypass the Welcome screen and type in Show In Advanced View Only for the page name and click Next.
  5. Click Add and Browse and type 'showInAdvancedViewOnly' and click Find Now.
  6. Select the showInAdvancedViewOnly attribute and click OK.
  7. Uncheck the boxes under Where do you want this property to appear section for The new user wizard and The clone user wizard.
  8. Click OK.
  9. Click Next and Finish.

 

Cause

User accounts with the "ShowInAdvancedViewOnly" flag set exist in the managed domain and DRA is not configured to view these objects.

Additional Information

Formerly known as NETIQKB71316

Active Directory Users and Computers (ADUC) also does not display the 'ShowInAdvancedViewOnly' attribute.  This is only viewable using ADSIEDIT.